Over the past 15 years of working in the cybersecurity industry I have been privileged to work with highly intelligent, experienced and articulate colleagues. My experience spans large-scale transformation programmes, workshops, interviews and the management of both project and operational teams, in consulting and internal business roles alike. Through interactions with hundreds of individuals I have become aware of some consistent, and often humorous, behaviour types. There are eight of them, positive and negative, including:
In 2018, as many people had predicted, we have seen explosive commercial growth of the Internet of Things (IoT) and wearable technologies. This has created an opportunity for cyber attackers to ply their trade, and a new term, ‘Ransomwear’, has been coined (see recent Symantec research on this). It can be understood as ransomware delivered through social engineering or pushed directly onto a wearable device.
There is some form of management reality beyond the “100 days” journalistic cliché: How does an incoming executive make an impact in a new role? What are the real timeframes to look at? What can be expected, and over what horizon? What are the key issues that should raise a red flag during the first few months in a new senior position, and which ones can be ignored? Those are the themes we will be exploring in this new series around the specific role of the CISO.
The Person, the Role and the Culture of the Firm
“Many CISOs live day to day under the sword of Damocles”
A controversial quote to begin with, I admit. However, in the past few years, data breaches have become more prominent, impacting businesses, governments, healthcare, and even hairdressers! There is no let-up in sight and business leaders must pay attention to the cyber risks they face.
People simply trust other people
This excellent November piece from McKinsey on cyber security deserves a comment (“A Framework for Improving Cybersecurity discussions within Organizations” – Jason Choi / Harrison Lung / James Kaplan).
Security is not about “enabling” the business but “protecting” it
At the end of a keynote speech on security organisation, governance and creating the dynamics for change around cyber security, which I gave at the excellent CIOWaterCooler LIVE! event in London on 28th September 2017, I was asked a challenging question on which I would like to elaborate:
In 2013, a sophisticated Trojan known as “Shylock” was unleashed on millions of unsuspecting online banking customers. Its modus operandi was to install itself stealthily on a computer and wait for banking transactions, at which point it drained the funds from its victim’s accounts. Not only was this Trojan technically sophisticated, but it also had strong self-preservation mechanisms.